Government agencies across the globe – whether they be state, local, central, or federal – face a digital transformation imperative to adopt cloud, IoT, and mobile technologies that legacy systems often struggle to keep up with.
This white paper explores how to take an architectural approach centered around APIs and microservices to unlock monolithic legacy systems for digital transformation.
Find out how to build up your API management strategy, and learn how you can:
• Accelerate project delivery driven by reusable microservices
• Secure data exchange within and outside agencies
• Use API-led connectivity to modernize legacy systems
• And more
EXECUTIVE SUMMARY
Government agencies across the globe - whether they be state, local, central, or federal - face a digital transformation
imperative. Increasingly sophisticated digital services provided by the private sector have increased citizen expectations of
government. For many agencies, legacy IT stacks and inflexible budgetary requirements stand in the way of meeting these
expectations. Furthermore, the convergence of multiple industry-disrupting “mega-trends,” including cloud, IoT, mobile, and
big data, has led to an explosion of connectivity endpoints, complicating the path toward digital government.
For government IT teams to keep pace with citizen expectations, they must increase IT agility without compromising security.
We propose that an architectural approach centered around APIs and microservices should be used to unlock monolithic
legacy systems where core data and services are siloed. Doing so can increase the speed of IT project delivery, leading to
more efficient, cost-effective, responsive government.
CHALLENGES FACING GOVERNMENT IT
While IT teams across different government agencies have
distinct strategic priorities and projects, nearly all grapple
with how to deliver on an increasing number of projects
within the confines of a fixed budget. The ubiquitous
emergence of this challenge can be attributed to three key
factors: an evolution in citizen expectations, the global trend
toward austerity in government, and the convergence of
technological megatrends.
Experience with best-in-class private sector service
providers like Uber, Amazon, and Google has raised
citizens' digital expectations of government. Citizens
expect transparency, accessibility, and responsiveness from
government services, and those expectations are only rising
as the private sector continues to innovate along these
lines. In fact, a survey of US citizens conducted by Accenture
in 2016 indicated that 85% of citizens expect “the same or
higher quality” from government digital services as they do
from commercial organizations.
Delivering on these expectations has proved to be
enormously challenging for government. Often, government
agencies are funded by legislatures who have minimal
understanding of what’s needed to execute on IT projects.
Furthermore, unlike private sector companies, who can
more easily expand their project delivery capacity through
outsourcing or increasing budget, government must instead
find creative solutions to get more value out of the resources
they have available.
Delivering on citizen expectations in an environment of
austerity has been further complicated by the convergence
of multiple tech mega-trends like mobile, SaaS, cloud, and
big data. These trends have led to an increase in the number
of IT projects government is expected to deliver. Few of
these changes have been met with a corresponding increase
in IT budget, forcing government IT teams to do more with
less.
WHY GOVERNMENT MUST CHANGE ITS IT
OPERATING MODEL
In our experience, addressing the spiraling growth of IT
projects in government requires the development of two
new capabilities that are currently unmet by status quo
approaches.
1. Accelerated project delivery driven by reusable
assets and shared services. To address the growing IT
project delivery gap in government, agencies must stop
“reinventing the wheel” with each incremental project,
and instead, seek to build and leverage shared services.
Traditional architectural approaches centered around
point-to-point integration are unable to fulfill these
needs. Without reusing integration work across projects,
or across agencies, governments are unable to increase
the speed at which they can deliver projects without
adding incremental staffing. Limited budgets typically
rule this out as a tenable option. Furthermore, point-to-
point integration creates architectural brittleness over
time, making the agencies less flexible and adaptive to
change. It also creates a dependence on legacy systems,
increasing maintenance costs and reducing budget for
innovation and net new projects.
2. Secure data exchange within and outside agencies.
More than ever, agencies have to coordinate together in
order to provide quality citizen experiences and deliver
on their mission. The inability of agencies to access each
other's data in a fast and secure manner often constrains
them from efficiently and cost-effectively delivering IT
projects.
Point-to-point integration also fails to address secure
data exchange across agencies, as it does not provide for
high-level visibility into how data is accessed. Consider:
every agency has its own security policies that need
to be enforced before allowing any exchange of data.
Furthermore, multiple stores (e.g. LDAPs, databases,
Identity Management Systems) need to be used for
authenticating and authorizing the requests. In addition,
agencies have to comply with heightened government
data security requirements. Without central governance
for data security or compliance, it becomes difficult to
trace security breaches or audit sensitive data access.
1 Accenture, Digital government: “Good enough for government” is not good enough, https://www.accenture.com/t20160912T095949__w__/us-en/_acnmedia/PDF-30/Accenture-Digital-Citizen-Experience-Pulse-Survey-POV.pdf
BEYOND POINT-TO-POINT:
LEVERAGING REUSABLE MICROSERVICES TO INCREASE IT PROJECT DELIVERY IN
GOVERNMENT
As we will show below, moving beyond point-to-point connectivity requires an approach centered around
the development of connectivity assets that are both reusable across different projects and contexts, and
discoverable by the teams that need them. In our experience, enabling that approach requires that monolithic
services be broken down into smaller, constituent microservices. Agencies that employ this approach
simultaneously realize greater project delivery speed and security, but only if they do so in such a way that
drives reuse of these microservices across the enterprise.
DEFINING MICROSERVICES WITHIN THE CONTEXT OF GOVERNMENT
In government, it’s common for key data, services, and applications to be siloed within legacy systems. Making
changes to the applications running on these systems can be a monumental undertaking spanning months,
or even years - strangling agility and increasing costs. Because of this, many have started to explore ways to
modernize these systems. Microservices represent one of the most promising avenues for innovation.
For the purposes of this whitepaper, we define a microservice as having four distinct components:
• An API contract that exposes and governs standardized access to the microservice in a way that promotes
loose coupling between distinct microservices.
• Business logic flows that route, enrich, transform, aggregate, or otherwise process data.
• Connectivity that can expose data or services in a manner that is agnostic to the end-consuming
application or system.
• A distinct runtime engine that executes the microservice.
A microservices architecture, in concert with modern
cloud deployment, API management, and integration
technologies, provides a novel approach to software
development which avoids the challenges of software
delivery associated with monolithic applications. Under
this architectural paradigm, the monolith is “broken
up” into a set of independent microservices that are
developed, deployed, maintained and consumed
separately.
Many agencies have prioritized legacy modernization
as a means of increasing IT agility and capabilities while
reducing costs. APIs provide a highly effective means of
doing so, enabling secure access to legacy systems in a
way that maintains system integrity and abstracts away the
complexity of these systems from their underlying data and
services. One agency MuleSoft worked with leveraged this
approach to anchor an initiative designed to provide access
to hundreds of disparate government services from a single
platform. To power this initiative, the agency used APIs to
expose data and services from legacy systems spanning
across over 40 different government departments to a front-
end application built on the Salesforce platform.
This API-led approach has conferred a number of benefits.
In addition to enabling one-stop-shop access to different
services, using APIs to unlock data from legacy systems has
enabled the agency to digitize and automate services that
previously required manual interaction across different state
agencies. This resulted in a 50% increase in the number of
digitally delivered services. Furthermore, this approach has
paved a way towards migrating off of many legacy systems
that were approaching end-of-life, leading to further IT cost
reductions. Last but not least - governing access to sensitive
citizen data through APIs instead of through point-to-point
code bolstered the overall security of the platform.
According to the IT director responsible for the project,
“using MuleSoft and taking an API-led approach to our
overall architecture was critical. MuleSoft has provided us
with a robust and flexible platform that not only supports
our current activities but allows us to extend them over
time. Their tools are an integral part of our entire operation.”
By unlocking these systems with APIs, the director and his
team plan on continuing to accelerate digital service delivery,
with a goal of increasing the number of digitally delivered
services by an additional 40% over the next 3 years.
CUSTOMER SPOTLIGHT:
ANONYMOUS AUSTRALIAN STATE AGENCY
USING API-LED CONNECTIVITY TO MODERNIZE LEGACY SYSTEMS
INCREASING PROJECT DELIVERY SPEED WITH A MICROSERVICES ARCHITECTURE
A microservice architecture aligns with the business in such a way that changes to the agency - whether they be the
passage of new laws or the introduction of new technologies - can be dealt with in an agile fashion. Business processes and
transactions are automated with the composition of microservices. When processes are changed or when new ones are
introduced, IT can quickly respond by re-wiring services into new compositions, instead of picking out code from a monolithic
application to adapt to modern requirements. This accelerates the speed at which IT can execute on individual projects.
Microservices architectures also enable accelerated project delivery across the agency by facilitating easier reuse. Within
government, there are many tasks like provisioning of hardware and software that are both repetitive, and common across
agencies. Because of this, asset reuse can produce enormous IT productivity gains. Yet, today, limited re-use is realized across
monolithic applications. These applications, by definition, hide their internals.
In contrast, microservices promote reuse by exposing their functionality through a standardized API contract that any
project team can leverage without needing to understand the underlying business logic of the microservice. In addition,
as a function of their smaller scope, microservices can be used across a much larger variety of projects and business
contexts. Furthermore, by decoupling services from their end consumers, multiple project teams from different domains can
implement microservices with their own choice of technology, yet remain aligned with the broader mission of the agency,
encouraging project teams to reuse existing microservices instead of building their own.
IT challenges facing State Departments of Labor have been
well documented, with a 2013 report commissioned by the
GAO highlighting that these departments “face a number
of challenges in updating their aging legacy systems and
moving program operations to a modern web-based IT
environment.” Indeed, core IT processes managed by State
Labor Departments, from determining benefit eligibility, to
calculating benefit amounts, to processing tax adjustments,
are often dependent on large monolithic applications written
in COBOL and hosted on a mainframe.
Such monolithic applications strangle agility and increase
costs in a number of ways. Few developers hold the skillset
required to work with these dated systems, creating skill
bottlenecks whenever the code needs to be modified in
response to legislative changes. For example, whenever
the law changed the unemployment tax rate, or the length
of time for which unemployment benefits would be extended, or the
amount that unemployment recipients would receive,
developers needed to unpick and make substantial
changes to the underlying code governing the application.
Furthermore, the systems themselves were difficult to pull
data from, making satisfying federal reporting requirements
a time-intensive and costly process. Last but not least, these
systems are extremely expensive to maintain, drawing
scarce budgetary resources away from innovation.
Recently, MuleSoft began a long-term engagement with a
State Department of Labor to help them migrate from two
monolithic applications - “Benefits System” and “Tax System”
- to a microservices-based approach that would reduce
costs, eliminate developer skill bottlenecks, and increase
project delivery speed.
The department and MuleSoft designed a three-phase
approach toward their migration:
• Phase 1 - COBOL code is migrated to Java. This approach
keeps the user interface layer running as is, and migrates
the persistence layer to a relational database with one big
database object representing equivalent files.
• Phase 2 - Database Objects are normalized into business
entities. These are designed to be accessed by the UI
layer through a set of APIs (services). This paves the way
for abstraction and removes hard coupling. Additionally,
these system APIs will be governed through a set of
security policies.
• Phase 3 - Process and experience APIs are created to
provide services at the “Business Domain Level”.
Modernization of the Department of Labor’s COBOL
Mainframe Systems through a microservices architecture
will allow the department to sidestep the challenges facing
their peers in other states. Their end vision is for this new
architecture to provide them with the ability to make
changes to parts of the application without impacting others,
as well as faster project delivery speed through reuse of
services, and improved governance via secured access to
services.
CUSTOMER SPOTLIGHT:
ANONYMOUS STATE DEPARTMENT OF LABOR
2 Unemployment Insurance Information Technology: States Face Challenges in Modernization Efforts
LEVERAGING MICROSERVICES TO INCREASE OPERATIONAL AGILITY
LEVERAGING MICROSERVICES TO ENABLE SECURE DATA EXCHANGE WITHIN AND ACROSS AGENCIES
Historically, government IT teams have had to grapple with balancing the agility conferred by opening up access to systems
and the need to secure the underlying data. As the complexity of agency missions grows, secure data sharing has grown in
importance. Increasingly, key government IT initiatives span across multiple agencies, who must effectively coordinate and
share data in order to execute on the broader mission. Data security has been a consistent roadblock stymying this type of
data sharing, as each agency wants full control over their own data.
Furthermore, security itself has grown in complexity due to the proliferation of applications that have entered the agency IT
ecosystem. Each new app requires and enables access to organizational data and assets, and unless the security team was
explicitly involved in the app’s creation, acquisition and delivery, users inside and outside the organization may have access to
data and the ability to expose it without the knowledge of central IT. While microservices architectures can clearly accelerate
the sharing of data within and outside the agency, some have concerns that, by expanding the number of services that need
to be governed, microservices could ostensibly complicate security.
Based on our experience working across different government agencies, what we’ve found is that the API contract intrinsic
to the microservice allows agencies to have the best of both worlds, supporting increased project delivery speed without
compromising security. Consider: with a microservices architecture, each microservice can be exposed via an API that serves
as a standardized, well-defined entry point that is easy to visualize and secure. Because of this, API policies can be applied to
securing these APIs, thereby governing access to the underlying microservice data.
Common API policies we’ve seen used across government agencies include, but are not limited to:
• Security policies (e.g. authentication, authorization, LDAP security, encryption)
• Compliance policies (e.g. CORS enabled)
• Quality of service policies (e.g. throttling, rate limiting)
These and other API policies counter-balance the general goals of the microservice architecture to expose business
capabilities across every user channel by placing restrictions on what or how much is exposed on any one channel, but in
a way that does not significantly hamper agility in the process. In doing so, they enable secure sharing of data within and
outside the agency.
When the Affordable Care Act was passed in 2009, Colorado
elected to be one of the 17 states to create their own health
insurance marketplace instead of using federal systems.
They also opted into Medicaid expansion, increasing the
number of public health insurance applications that needed
to be processed. To process the oncoming influx of new
Medicaid applications, the State of Colorado had 6 months
to build a new integrated system to process applications
online. As part of their “Cloud First” initiative, the project IT
team decided to develop the application on Salesforce.
The project presented a number of connectivity challenges
that necessitated a new approach. Since the application
was being developed in the cloud, the State of Colorado
needed a robust, hybrid integration platform to bridge
between cloud and various on-premise systems,
such as the agency’s legacy Benefit Management System.
Furthermore, the application necessitated secure data
sharing across multiple state and federal agencies, including
the Social Security Administration and the Department of
Homeland Security, each of whom holds key data needed
to make a Medicaid eligibility determination. Last but not
least, they needed that platform to accelerate developer
productivity so the project could be delivered on time and
within budget.
MuleSoft’s Anypoint Platform was chosen as the integration
backbone to enable secure communication with other
critical systems and increase developer productivity. Using
the Salesforce connector, developers easily connected their
new eligibility portal with other key on-premise and cloud
systems required to support the Medicaid application and
determination process. This developer-first experience,
combining out-of-the-box functionality, reusable integration
templates and graphical data mapping capability enabled
developers to be productive almost immediately.
Furthermore, MuleSoft enabled the State of Colorado to
pivot from a point-to-point integration approach to one
centered on reusable APIs, which accelerated their project
delivery speed and enabled more effective secure data
sharing outside the State. As Michael Brown, Deputy CTO
highlighted, “Before using MuleSoft, all of our integrations
were point-to-point, and that was problematic because we
were having to do things the same way over and over again.
With MuleSoft, we’re able to leverage the technology in a
way that allows us to not have to reinvent the wheel, and
that’s very important to us because of the limited resources
that a state government has.”
As a result of these newfound productivity gains, Colorado’s
new Medicaid eligibility platform was launched on-time
and more than 277,000 applications were processed by the
system, enabling Colorado citizens to receive health care
benefits during the first 6 months of health care reform.
CUSTOMER SPOTLIGHT:
STATE OF COLORADO DEPARTMENT OF HUMAN SERVICES
DRIVING MEDICAID EXPANSION BY USING APIS TO SECURELY SHARE DATA ACROSS AGENCIES
Reference Architecture, State of Colorado DHS Medicaid
Application Platform
API-LED CONNECTIVITY ENABLES THE SUCCESSFUL ADOPTION OF MICROSERVICE REUSE
Even after decomposing a monolithic application into constituent microservices, many of the benefits of this approach are
lost if IT does not provide the means for these services to be accessed and reused across the enterprise.
To maximize the impact of microservice reuse, we propose a three-tiered model of system, process, and experience APIs to
enable agility while minimizing disruption to core systems.
In the above architecture, system APIs or system-level microservices are in line with the concept of an autonomous service
which has been designed with enough abstraction to hide the underlying systems of record. None of these system details are
leaked through the API. The responsibility of the API is discrete and agnostic to any particular business process.
Process APIs allow IT to orchestrate data from various systems into distinct services or business objects that can be reused
within or outside the agency.
Further agility in the architecture is provided by experience APIs which are geared towards a specific set of users. For
example, if an agency wanted to add mobile support to a pre-existing desktop application, they would simply need to create a
mobile experience API that calls the process APIs shared by the desktop application.
Using APIs to expose microservices to a broader audience transforms IT into a platform that allows disparate project teams
across the agency to self-serve, increasing the speed at which they can deliver on projects in support of the agency’s mission
by eliminating the re-work typically associated with point-to-point integration. Over the long term, the inherent decoupling of
systems in this approach also facilitates increased agility, since changes to employee or citizen-facing edge applications are not
gated by changes to antiquated legacy mainframe systems.
API-led connectivity
In the US, State Departments of Transportation (DoT) have
jurisdiction over public transportation and associated
infrastructure. Due to the sheer number of assets they
have to manage, many are increasing their investments in
IoT solutions. One State DoT partnered with MuleSoft to
build an innovative IoT solution to provide more responsive
road maintenance, powered by a composable architecture
centered around APIs.
The state in question is prone to frequent snowstorms and
blizzards, and when storms hit, the State DoT is in charge of
deploying snowplows to clear the roads. In order to improve
the speed at which they could clear roads, they decided to
build a portal to provide snowplow dispatchers with real-
time data from citizen complaint systems, weather trackers,
and other key systems.
At first, they tried to tackle this project with custom point-to-
point code. This approach quickly became unmanageable,
due to the need to write code for each additional snowplow
and tracker added to the system. They turned to MuleSoft to
implement a more scalable approach. With MuleSoft, they
enabled real-time automatic vehicle location (AVL) updates
from Zonar, a fleet management system, through a REST
API call. These AVL updates are pushed to backend systems,
which subsequently supply data to the dispatch team
and citizen-facing applications. By reusing the same core
integration assets across each snowplow brought online,
they have significantly reduced program maintenance costs
and improved developer productivity.
Due to the increase in project delivery speed conferred by
MuleSoft, the department is now able to take on additional
projects with the same amount of resources. For example,
the department is now exploring an API strategy that would
expose data to external applications like Google, Uber, and
Waze to supply them with real-time updates on scheduled
road repairs, traffic, and accidents. In accordance with
the principles of API-led connectivity, each of these end-
consumers would call the same APIs, eliminating the need
for the agency to hard-code integrations to these external
partners. This is the first of many new initiatives the agency
is planning on implementing with their newfound agility.
CUSTOMER SPOTLIGHT:
ANONYMOUS STATE DEPARTMENT OF TRANSPORTATION
LEVERAGING API-LED CONNECTIVITY TO ACCELERATE IOT DEPLOYMENT
ANYPOINT PLATFORM:
THE SOLUTION FOR ENABLING API-LED MICROSERVICES ARCHITECTURES IN GOVERNMENT
Forward-thinking agencies’ success with API-led architectures shows that the challenges facing government IT are by no
means insurmountable. By using APIs to unlock, decompose, and govern access to legacy systems, government agencies can
accelerate IT project delivery speed, enabling them to better deliver on their mission. MuleSoft’s Anypoint Platform is uniquely
suited to supporting this type of IT transformation.
KEY FEATURES INCLUDE:
One unified platform for microservices and API-led connectivity
MuleSoft marries the integration and API lifecycle management capabilities needed to realize API-led connectivity on a single
runtime. This simplifies the adoption of API-led connectivity in government, contrasted with cobbling together the capabilities
needed across different platforms.
End-to-end support for the API and microservice lifecycle
MuleSoft’s Anypoint Platform natively supports the ability for IT to design, collaborate on, build, test, deploy, publish, and
manage APIs. It also provides a ‘single pane of glass’ management UI from which they can manage the microservice runtime,
its constituent APIs, and its messaging endpoints.
Ubiquitous connectivity
With a library of 140+ connectors, MuleSoft supports the ability to rapidly connect to any source of data residing
within an agency, whether it be a legacy mainframe or IBM i system, or a modern cloud application. This enables the rapid
implementation of the API building blocks that anchor an API-led architecture.
Write once, deploy anywhere: on-premise, or in the cloud
As government IT transitions to the cloud, MuleSoft provides a hybrid deployment environment that allows agencies and
bureaus to manage their entire suite of integrations across cloud and on-premise systems from a single management plane.
This provides government IT teams with a long-term solution to design applications that best meet citizens’ needs without
being tied to a specific deployment environment.
Pre-defined policies to accelerate secure data sharing
MuleSoft’s Anypoint Platform enables agency administrators to enforce governance through the use of out-of-the-box
policies, or the creation of new policies. These policies can be applied to any service coming out of an agency without making
any configuration changes to the service itself.
Complete visibility into data-flow within and outside the agency
Anypoint Platform enables full control of data movement within and outside the agency, and provides a comprehensive view
of this data movement for government IT security personnel. It also enables consistent policy enforcement, with auditing and
analytics available for every data call coming from within or outside the agency.
MULESOFT:
THE CONNECTIVITY PLATFORM FOR GOVERNMENT
The unique constraints government IT must grapple with - a preponderance of legacy systems, a confined budget,
heightened data security requirements - should not serve as a roadblock hindering mission execution. By leveraging APIs
and microservices as a foundation of an IT strategy centered around shared services and asset reuse, governments can
meet, and even exceed, the private sector in the quality of service they provide citizens.
ABOUT MULESOFT
MuleSoft’s Anypoint Platform is trusted by over 1000 enterprises worldwide including over 10 US federal civilian and
defense agencies, and is the only vendor to be named a Leader in both the Gartner Magic Quadrant for Full Lifecycle API
Management and the Gartner Magic Quadrant for Enterprise Integration Platform as a Service (iPaaS).